We Built Private Post-Training and Inference for Frontier Models
First multi-GPU TEE stack for training trillion-parameter models with under 10% overhead.
WizardryBold BetZero to One
oscarmoxon
713mo ago
Security Projects
Security projects from Show HN — penetration testing, encryption, privacy tools, and vulnerability scanners.
Vett – Scan, sign, and verify AI agent skills before installing
First real supply-chain defense for AI agent ecosystems; catches nation-state-grade payloads.
Zero to OneBig BrainWizardry
nikon
303mo ago
CVE-2026-40369 Windows Kernel Arbitrary Write Chrome SBX
100% deterministic SYSTEM escalation from Chrome sandbox via audited syscall.
WizardryBig BrainRabbit Hole
orinimron123
3017d ago
Edictum – Runtime governance for LLM agent tool calls
Proves text safety ≠ tool-call safety; catches hidden harmful executions deterministically.
Zero to OneBig BrainWizardry
acartag7
203mo ago
Whorl – Fingerprinting LLMs as horrible password generators
Identifies LLM models by password bias patterns when they refuse to tell you.
Big BrainZero to OneNiche Gem
tehryanx
202mo ago
Honeypo(e)t – a honeypot that replies to every scan with a poem
Responds to every internet knock with a tailored poem. Pure whimsy meets security observation.
Zero to OneWizardryCozy
Honeypoet
103mo ago
We gave an OpenClaw full tool access and hit stop. It didn't stop
Empirical proof: AI agents ignore stop commands and delete emails without enforceable boundaries.
Zero to OneBig BrainWizardry
davidresilify
113mo ago
Terminal Phone – E2EE Walkie Talkie from the Command Line
E2E voice over Tor in pure Bash; no server, no accounts, .onion address is your identity.
WizardryBold BetSolve My Problem
smalltorch
322853mo ago
GitHub
A HTTP credential proxy and vault for AI agents like Claude Code, OpenClaw, Hermes, custom agents + harnesses, and more.
1,616Go
●●●Banger
Agent Vault – A HTTP credential proxy and vault for AI agents
Agents never see credentials — brokered access beats retrieval for prompt injection safety.
Zero to OneSolve My Problem
dangtony98
156561mo ago
Claw Patrol, a security firewall for agents
Wire-protocol parsing gates agent actions before they hit production—no LLM gateway does this.
Big BrainZero to OneSolve My Problem
rough-sea
111315d ago
GitHub
Open source Baltic Sea shadow fleet tracker. 1200+ vessels, live AIS, cable proximity alerts. No cloud, no subscription, runs locally
41Python
●●●Banger
Baltic shadow fleet tracker – live AIS, cable proximity alerts
Cable proximity alerts on shadow fleet vessels when MarineTraffic only shows positions.
Dark HorseZero to OneNiche Gem
FormerLabFred
56182mo ago
Mezz, a curl-able WiFi sandbox for IoT pentesting
Turns any Linux laptop into a curl-able IoT pentest lab with per-query DNS logging.
WizardryNiche Gem
ABGEO
40101mo ago
Logira – eBPF runtime auditing for AI agent runs
eBPF runtime visibility for AI agents—first tool solving the trust problem with Claude Code and similar.
Solve My ProblemWizardry
melonattacker
2633mo ago
Shibuya – A High-Performance WAF in Rust with eBPF and ML Engine
eBPF kernel drops + dual ML engine beats Cloudflare in latency, single microsecond blocks.
WizardryBig BrainBold Bet
germainluperto
22183mo ago
GitHub
Agent Beacon is the world's first open-source telemetry layer for AI agents wherever they run: locally, in CI, or in the cloud.
217Go
●●●Banger
Beacon - The open-source layer for local AI agent visibility
Endpoint telemetry for AI agents when cloud logs miss local activity.
Solve My ProblemShip It
jqdsouza
211027d ago
Make sure your OpenClaw isn't doing things it's not supposed to
Blocks unauthorized agent actions before execution with cryptographic intent binding.
Solve My ProblemShip It
vaibhavb007
1852mo ago
CipherStash Stack – Data Level Access Control in TS/JS
Searchable encryption running queries over ciphertext faster than AWS KMS direct.
Big BrainWizardrySolve My Problem
dandraper
17025d ago
Ash, an Agent Sandbox for Mac
macOS Endpoint Security frameworks beat sandbox-exec for AI agent isolation.
WizardrySolve My Problem
amsha
16153mo ago
I built an SDK that scrambles HTML so scrapers get garbage
CSS flex ordering makes textContent return garbage while visual rendering stays perfect.
WizardryBig Brain
larsmosr
16383mo ago
OkaiDokai, tool-level firewall for OpenClaw, Claude Code and Codex
Per-request push approval for agents with sub-ms rule matching; beats static policies cold.
Solve My ProblemSlick
cedel2k1
1503mo ago
Agent Passport – OAuth-like identity verification for AI agents
First open standard for agent identity—solves a real security gap Cisco documented.
Zero to OneBold Bet
samerismail
14153mo ago
GitHub
A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.
337Go
●●●Banger
SmokedMeat, like Metasploit, but for CI/CD (open-source)
Metasploit for CI/CD pipelines with terminal UI and cloud provider pivoting.
WizardryNiche Gem
flexorium
1392mo ago
XTrace – Encrypted vector DB (search embeddings without exposing them)
Homomorphic encryption on vector search when Pinecone and Qdrant require plaintext on server.
WizardryBig BrainZero to One
TristanX
1331mo ago
Endo Familiar, an O-cap based JavaScript agent sandbox
O-cap security model beats the credential-bag approach every agent framework currently uses.
Big BrainBold BetZero to One
zmanian
1331mo ago
Cerno – CAPTCHA that targets LLM reasoning, not human biology
Motor-control maze analysis targets LLMs where Turnstile and hCaptcha fail.
Zero to OneWizardryBold Bet
plawlost
12212mo ago
Vestauth – Auth for Agents
Agent auth via key-signing beats API keys and OAuth for autonomous systems.
Big BrainSolve My ProblemZero to One
scottmotte
1113mo ago
GitHub
The Runtime Security Layer for OpenClaw/Hermes-agent, the essential safety harness for PII & sensitive credentials protection.
294Rust
●●●Banger
ClawShell, Process-Level Isolation for OpenClaw Credentials
Moves credential security from prompt-injection hope to OS process isolation for agents.
Solve My ProblemZero to One
guanlan
1013mo ago
How to analyze your LLM output – A behavioural health monitor for LLMs
Detects sycophancy and jailbreak drift in LLMs without needing model weights.
Big BrainBold BetNiche Gem
k-thimmaraju
10727d ago
TLS Certificate Management and PKI
Finally, a certificate manager that works for home labs, not just enterprises.
Solve My ProblemDark Horse
zaitanz
10024d ago
We post-trained a model that pen tests instead of refusing your code
Post-trained model for offensive security instead of wrapping GPT with safety refusals.
Big BrainBold Bet
dk189
1046d ago
My agents are building a secure fork of OpenClaw
AI agents get credentials without ever seeing them—SQL prepared statements for secrets.
Zero to OneBig BrainWizardry
stcredzero
904mo ago
GitHub
Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.
153Go
●●●Banger
Scan your dev machine for AI agents, MCP servers, and IDE extensions
Fills the EDR blind spot for AI tooling — timely and actually useful today.
Solve My ProblemDark Horse
varunsharma07
903mo ago
Gecit – DPI bypass using eBPF sock_ops, no proxy or VPN
eBPF sock_ops injection beats GoodbyeDPI with kernel-level packet manipulation.
WizardryDark Horse
boratanrikulu
922mo ago
TunnelMind – reputation API for IPs, ASNs, and ad-tach supply chains
Cross-correlates threat intel across four lenses where incumbents stay siloed.
Big BrainZero to One
o2k
9113d ago
GitHub
an implementation of the ideas in Erik Meijer's "Guardians of the Agents: Formal Verification of AI Workflows" (Communications of the ACM, January 2026)
85Python
●●●Banger
Guardians – Verify tool-using agent workflows before execution
Applies formal verification to prevent prompt injection before any tool executes.
WizardryBig BrainZero to One
namin
802mo ago
Userland local agent sandbox with real-time network control dashboard
Kernel-enforced agent sandboxing that blocks .env access without container overhead.
WizardrySolve My ProblemZero to One
cowpig
713mo ago
ZeroID – Open-source identity and delegation for autonomous agents
Solves agent identity before standards bodies even finish the spec.
Zero to OneBig BrainBold Bet
saucam
702mo ago
ZeroID – Open-source identity for AI agents based on OIDF standards
RFC 8693 agent identity with delegation chains before standards even exist.
Zero to OneBold Bet
jalbrethsen
752mo ago
GitHub
A privacy-preserving Raspberry Pi home security camera that uses advanced end-to-end encryption.
1,572Rust
●●●Banger
Open-source private home security camera system (end-to-end encryption)
Reproducible builds across entire stack with E2E encryption, unlike Ring or Nest.
Dark HorseSolve My ProblemWizardry
arrdalan
7023d ago
Kontext.dev – Runtime Credentials for Agents
Scoped runtime credentials for AI agents replace insecure .env API keys.
Solve My ProblemBig BrainShip It
michiosw
613mo ago
Age-PHP: a PHP implementation of age encryption (post-quantum)
Post-quantum hybrid encryption finally arrives in PHP where it's been missing.
WizardryDark Horse
some_furry
612mo ago
PrivateClaw – AI agents running in confidential VMs you can verify
Hardware-enforced TEEs mean even the host OS can't read your AI prompts.
WizardryZero to One
lambence
601mo ago
SSH-TPM-agent · Release v0.9.0
Hardware-bound SSH keys sealed in TPM without messy PKCS11 config.
WizardrySolve My Problem
Foxboron
631mo ago
Retroguard – Verifiably secure AI guardrails
Hardware-enforced attestation beats the usual 'trust us' promises of cloud guardrails.
Big BrainSolve My Problem
ttttonyhe
601mo ago
Mailenc – Test if your PGP email setup works
Live PGP round-trip test with streaming logs beats static key checkers.
Solve My ProblemZero to OneSlick
soeckly
601mo ago
Portable Secret – Open-Source HTML files that self-decrypt offline
Browser-native encrypted files, no app needed, works offline permanently.
Solve My ProblemCozySlick
alcazar
503mo ago
K9 Audit – Causal intent-execution audit trail for AI agents
Intent contracts catch what agents were supposed to do, not just what they did.
Big BrainZero to One
zippolyon
533mo ago
GitHub
Security scanner for Agent Skills — uncover hidden threats before deployment.
127Python
●●●Banger
A security scanner for AI Agent Skills
Docker sandbox execution catches runtime threats static analysis alone misses.
Big BrainBold Bet
mayziem
502mo ago